CVE-2026-40576

excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated...

CVE-2026-40576

CVE-2026-40576 summary (Excel-MCP Server) : A path-traversal flaw in excel-mcp-server (versions } } (Note: The response contains the required JSON object with the concise, fact-grounded insight in Markdown.) Wait: The above seems malformed. Need only a single JSON object with insight string. Let'...

EUVD-2026-23964

Spinnaker: RCE via expression parsing due to unrestricted context handling...

Spinnaker: RCE via expression parsing due to unrestricted context handling

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

PT-2026-34059

Frappe HR is an open-source human resources management solution HRMS. Prior to versions 15.58.2 and 16.4.2, authenticated users can access unauthorized files by exploiting certain api endpoint. Versions 15.58.2 and 16.4.2 contain a patch. No known workarounds are available...

PT-2026-34232

Name of the Vulnerable Software and Affected Versions lxml versions prior to 6.1.0 Description Using the default configuration with the resolve entities variable set to True allows untrusted XML input to read local files. This issue affects the iterparse and ETCompatXMLParser functions...

ClearanceKit 安全漏洞

ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.6 contained security vulnerabilities. These vulnerabilities stemmed from the opfilter Endpoint Security system extension, which could be suspended or terminated by the root...

October 安全漏洞

October is an open-source content management system CMS and network platform developed by October. Versions prior to October 3.7.14 and 4.1.10 contained security vulnerabilities. These vulnerabilities were caused by improper handling of CSS preprocessor files, which could allow backend users with...

PT-2026-34038

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension bundle ID uk.craigbass.clearancekit.opfilter can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any...

CVE-2026-32613

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

GHSA-QC5J-2MQX-X83Q Duplicate Advisory: OpenClaw: Webchat media embedding enforces local-root containment for tool-result files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-mr34-9552-qr95. This link is maintained to preserve external references. Original Description OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowi...

CVE-2026-41389

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

CVE-2026-41389 OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Paths

OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result media references to trigger host-side file reads or Windows network path access, potentially...

CVE-2026-34428

Vvveb prior to 1.0.8.1 contains a server-side request forgery vulnerability in the oEmbedProxy action of the editor/editor module where the url parameter is passed directly to getUrl via curl without scheme or destination validation. Authenticated backend users can supply file:// URLs to read...

CVE-2026-39454

The CVE-2026-39454 entry concerns SKYSEA Client View and SKYMEC IT Manager from Sky Co., Ltd. Allowing a non-administrative user to place or manipulate files in the product installation folder due to improper access permissions, potentially enabling arbitrary code execution with administrative pr...

Spinnaker 安全漏洞

Spinnaker is an open-source continuous delivery platform developed by Spinnaker. It is used to release software changes with high speed and confidence. Versions of Spinnaker prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2 contain security vulnerabilities. These vulnerabilities stem from the...

📄 Remote Sunrise Helper for Windows 2026.14 Arbitrary File Read

Remote Sunrise Helper for Windows 2026.14 suffers from an unauthenticated file read vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File Read Date: 2026-04-20 Exploit Author: Chokri Hammedi Software: https://rs.ltd/latest.php?os=win...

Roxy-WI 安全漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI prior to 8.2.6.4 contained security vulnerabilities. These vulnerabilities stemmed from a path traversal issue with the configver parameter in the POST /config//show API...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of user-supplied paths in the prefixed function. An attacker can read or write arbitrary files, create directories, and enumerate files outside the intended root directory by sending...

Wish has SCP Path Traversal that allows arbitrary file read/write

The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../ sequence...